Resubmissions

12/04/2024, 13:43

240412-q1m7tsdh6x 9

12/04/2024, 13:42

240412-qzpdhadh51 10

12/04/2024, 13:42

240412-qzn3qsdh5z 8

12/04/2024, 13:42

240412-qznf7sdh5y 8

12/04/2024, 13:42

240412-qzm6fadh5x 10

09/04/2024, 06:32

240409-haylwage76 8

09/04/2024, 06:31

240409-hakp1sbh8v 8

09/04/2024, 06:31

240409-hacdmsge68 8

09/04/2024, 06:30

240409-g9kzdsge63 10

General

  • Target

    bb50ae148cf4986c2ac4c81e75412a91910fe8fb169bd054d130a775af4b5e35.exe

  • Size

    1.9MB

  • Sample

    240412-qzm6fadh5x

  • MD5

    97e5f2c04baad060d0169b7d76cfa5de

  • SHA1

    00d5d0699bf1ccddf28fbd9eeb6ed9aaa8bc320b

  • SHA256

    bb50ae148cf4986c2ac4c81e75412a91910fe8fb169bd054d130a775af4b5e35

  • SHA512

    56fabb8ec6be3cdb582214c9519a3ae59d4b4d0e97262c646cdbc6ac54d0f0fddb692e5fbebb6589ce2e63cae4f4567812aa911765431d95d412d4a86de82e9f

  • SSDEEP

    49152:gFnov1UndgBEDJnUJFLIzBAxmOcgSp/QDsYiX:MnovedqGoWFAxP2QHi

Score
10/10

Malware Config

Extracted

Credentials

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    jprsystems.in
  • Port:
    21
  • Username:
    contactus

Targets

    • Target

      bb50ae148cf4986c2ac4c81e75412a91910fe8fb169bd054d130a775af4b5e35.exe

    • Size

      1.9MB

    • MD5

      97e5f2c04baad060d0169b7d76cfa5de

    • SHA1

      00d5d0699bf1ccddf28fbd9eeb6ed9aaa8bc320b

    • SHA256

      bb50ae148cf4986c2ac4c81e75412a91910fe8fb169bd054d130a775af4b5e35

    • SHA512

      56fabb8ec6be3cdb582214c9519a3ae59d4b4d0e97262c646cdbc6ac54d0f0fddb692e5fbebb6589ce2e63cae4f4567812aa911765431d95d412d4a86de82e9f

    • SSDEEP

      49152:gFnov1UndgBEDJnUJFLIzBAxmOcgSp/QDsYiX:MnovedqGoWFAxP2QHi

    Score
    10/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks